Add the following to your htaccess file (if using cPanel) or Apache
<*Files xmlrpc.php>
order deny,allow
deny from all
<*/Files>
note: remove * from the com
or
if you are using nginx then add the following to the vhost config
location = /xmlrpc.php {
deny all;
access_log off;
log_not_found off;
}
abdullahsk
August 28, 2019 at 7:17 am
U can delete the file from the root directory of WordPress files
Or use htaccess
Deny xmlrpc php
abdullahsk
August 28, 2019 at 7:18 am
if you delete the file then a request is still being made causing a 404 error hence overloading. Best to just block access entirely.